Hello, recently we moved our users database to an LDAP server, but after that sftp stopped working on our students server.

We use:
- OpenLDAP 2.4.21
- nss_ldap-1.265_3
- pam_ldap-1.8.5
- FreeBSD 9.0-CURRENT amd64

When I use sftp, it drops the connection:

{volt}-{~}% sftp localhost
Connecting to localhost...
Connection closed
{volt}-{~}%

After a short investigation, I've found that the problem is in the /usr/libexec/sftp-server program (which is our default subsystem in sshd):

{volt}-{~}% /usr/libexec/sftp-server
No user found for uid 5567
{volt}-{~}%

which was quite weird, because sshd works perfectly with users from the LDAP server (so I assume that PAM is configured correctly).

After that, I've tried to make a simple test with the program below:

=======================
#include <sys/types.h>
#include <pwd.h>
#include <stdarg.h>
#include <stdio.h>
#include <unistd.h>

int
main(int argc, char **argv)
{
        struct passwd *user_pw;

        user_pw = getpwuid(getuid());

        if ((user_pw = getpwuid(getuid())) == NULL) {
                fprintf(stderr, "No user found for uid %lu\n",
                    (u_long)getuid());
                return 1;
        } else {
                fprintf(stderr, "It works %s!\nYour uid is: %lu\n",
                    user_pw->pw_name, (u_long)getuid());
        }

        return 0;
}
=======================

which is almost copy-pasted from /usr/src/crypto/openssh/sftp-server-main.c

I've built it twice. Once with dynamic linking:

{volt}-{~}% cc -o test test.c
{volt}-{~}% ./test
It works bulinskp!
Your uid is: 5567
{volt}-{~}%

another one with static linking:

{volt}-{~}% cc -o test -static test.c
{volt}-{~}% ./test
No user found for uid 5567
{volt}-{~}%

As you can see, it works great with dynamic linking, but if it's built with static linking it can't get user information from the LDAP database.

Could you be so kind and help me better understand this problem and find some solution for it (I spent some time trying to find it, but this is probably beyond my scope)?

I would really appreciate any tip.

Below is information about my PAM and NSS configuration:

{volt}-{~}% cat /etc/nsswitch.conf | grep passwd
passwd: files ldap
{volt}-{~}%

{volt}-{~}% cat /etc/pam.d/sshd | grep -v "^#" | grep -v "^$"
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth requisite /usr/local/lib/pam_af.so debug
auth sufficient /usr/local/lib/pam_ldap.so no_warn
auth required pam_unix.so no_warn try_first_pass
account required pam_nologin.so
account required pam_login_access.so
account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
account required pam_unix.so
session required pam_permit.so
session sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass
{volt}-{~}%

regards
--
Piotr Buliński
Computer Science at the Faculty of Electrical Engineering
Politechnika Warszawska
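
The static/dynamic difference reported above matches how libc resolves users through add-on NSS modules such as nss_ldap: they are loaded with dlopen(), which a statically linked program cannot do. The following is an added example, not part of the original post, that checks a binary for a missing runtime-linker header (PT_INTERP) and an nsswitch.conf text for a `passwd:` source outside libc's built-ins. The function names, the built-in source list and the native-endian ELF64 restriction are assumptions of this example.

```c
/* Added example (not from the post): static binary + loadable NSS source check. */
#include <elf.h>
#include <stdio.h>
#include <string.h>

/* 1 = no PT_INTERP (static), 0 = dynamic, -1 = not a native ELF64 image. */
int elf_is_static(const unsigned char *img, size_t len) {
    Elf64_Ehdr eh; Elf64_Phdr ph;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_ident[EI_CLASS] != ELFCLASS64
        || eh.e_phentsize != sizeof ph || eh.e_phoff > len) return -1;
    for (size_t i = 0; i < eh.e_phnum; i++) {
        size_t off = (size_t)eh.e_phoff + i * sizeof ph;
        if (off > len - sizeof ph) return -1;    /* table runs past the buffer */
        memcpy(&ph, img + off, sizeof ph);
        if (ph.p_type == PT_INTERP) return 0;
    }
    return 1;
}
/* 1 if the passwd: line names a source outside builtin[] (an assumed list;
 * adjust it to what your libc compiles in). */
int passwd_needs_module(const char *conf) {
    static const char *builtin[] = { "files", "compat", "nis", "dns", "cache" };
    char line[256];
    for (const char *p = conf; *p; ) {
        size_t n = strcspn(p, "\n"), k;
        snprintf(line, sizeof line, "%.*s", (int)n, p);
        p += n + (p[n] == '\n');
        if (strncmp(line, "passwd:", 7) != 0) continue;
        for (char *t = strtok(line + 7, " \t"); t; t = strtok(NULL, " \t")) {
            if (*t == '#') break;        /* rest of the line is a comment */
            if (*t == '[') continue;     /* criteria such as [notfound=return] */
            for (k = 0; k < 5; k++) if (strcmp(t, builtin[k]) == 0) break;
            if (k == 5) return 1;
        }
    }
    return 0;
}

int main(int argc, char **argv) {
    /* Constructed sample mirroring the passwd line quoted in the post. */
    const char *conf = "group: files\npasswd: files ldap\n";
    static unsigned char img[1 << 16];
    FILE *f = fopen(argc > 1 ? argv[1] : "/usr/libexec/sftp-server", "rb");
    size_t len = f ? fread(img, 1, sizeof img, f) : 0;
    if (f) fclose(f);
    if (elf_is_static(img, len) == 1 && passwd_needs_module(conf))
        puts("static binary: users from NSS modules will not resolve");
    return 0;
}
```

Pass the path of the binary to inspect as the first argument; only the first 64 KiB of the file is read, which covers the program header table of ordinary executables.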